Consumerization of Warfare

As predicted a couple of months ago, NATO admitted to use Twitter in Libya for receiving information from rebels pertaining coordinates and movement s of the loyalist troops of Colonel Gaddafi.

Thanks to the famous six degrees of separation and the viral propagation model, Twitter ensures a rapid spread of information, but since it is far from a reliable medium, in the specific circumstance NATO indicated to “authenticate” the tweets of war by mean of more traditional media such as satellite images. This allowed, before taking any military action with missiles, to verify the consistency of the information received.

Whether we are aware or not, this is the dawning of a new age in warfare and, especially for the role played by new technologies (Mobile and Social Networks). An era brilliantly summarized by the term “Consumerization of Warfare” coined by Andrea Zapparoli Manzoni, which emphasizes the role of new consumer technologies (Social Network and Mobile) in a new war format (actually I coined the term Mobile Warfare, but unfortunately I have to admit that this term does not expresses the concept with the same completeness).

The issue is considerably more complicated than a simple tweet or a Facebook status update (a method that, although unconfirmed, is said to have been used by the Syrian Government to distribute DdoS software to its supporters for attacking adversary sites), and hides the (usual and well known) Social Network security issues, which are projected in a military dimension extending them in a much larger and dangerous scale both for senders and recipients of the tweets.

The main security concern relies in reputation, a bless and a curse for Social Networks. As already mentioned, in the specific circumstance the tweets of war were checked with “traditional” methods (anyway this is already an advantage since it is easier to check the veracity of a received information, rather than probing satellite images search for enemy outposts), but, generally speaking in absence of verification means, there is no guarantee concerning the truthfulness of a tweet, which, for instance might have been modified or manipulated up to the point of reversing the original content.

Moreover, the distribution channel is not what one would define “a reliable channel” and the chronic lack of privacy (which on one hand ensures a rapid spread of the tweets and/or status updates to a wider audience as possible) makes the tweets easily interceptable by the adversary, which is then able to implement adequate countermeasures, before the recipient has the time to act (on the other hand is rather easy to create a fake profile for following the tweets or status updates of the enemies ). Probably, in order to create some sort of encrypted channel between the peers, would be more effective to establish a priori a code and not to be too explicit in the indications (such as those found here), but from a theoretical point of view nothing prevents a conceptual step forward for thinking about encrypted and authenticated tweets (shifting the problem to the key exchange, but that’s another story). Without flying too much with imagination, all this delineates a real war strategy through Social Networks that the Armies of the (very near) future will have to seriously take into consideration.

And that is what is already happening: The U.S. Army already has special corps (a kind of Corps of Network and Security Engineers) dedicated to maintain the Internet connectivity in war zones by mean of, for instance, drones equipped with special antennas to provide 3G or Wi-Fi connectivity: recent events in middle east have shown that social network is an excellent medium for PsyOps operations as well as information exchange. As a further confirmation, few days ago, a scoop from NYT unleashed the project funded by the Obama Administration, for a portable “Internet in a Suitcase” and independent mobile networks, to ensure connectivity in war zones and/or backing dissidents to overtake censorship or Internet filters.

But while we are assisting to a growing use of “consumer ” technologies in war zones (up to the intention by the U.S. Army to use Android equipped devices on the battlefield), we are increasingly getting used to coarse countermeasures deployed by illiberal governments as well. Those countermeasures aim to stop internal protests and movements and span from completely shutting down of the Internet up to filtering social networks. As a consequence we may not exclude “a priori” that in the near future the countermeasures could become more sophisticated: cyber-attacks targeting social networks or tweet spoofing are two possible realistic countermeasures up to “(Mobile) Malware of State” specifically designed to alter or prevent communications from traditional or mobile endpoints . Fantasy? Maybe, even if Social Network has nothing to prove in terms of impact, after some countries preferred to completely shut the Internet, real lifeblood of every nation, in order to stop the spread of unwelcome information made with tweets and status updates (every individual may become a war reporter with a simple mobile device).

Maybe one day (near) the EULA of Social Networks will be modified to disallow the use of social media platforms for actions of virtual guerrilla or Cyberwarfare: certainly Consumerization of Warfare carries on, amplified, all the concerns of consumerization of Information Technology, that we are reporting for two years now, and that are just beginning to show all their malicious effects for security in the enterprise. This might definitely be a huge concern (think to a military devices with a 0-day vulnerability exploitable by the enemy) and for sure it is not a good omen considering that more and more federal agencies are winking to consumer technologies as well.

If you are interested to more information about Consumerization of Warfare (was Mobile Warfare), besides the link in the post:

Interesting Links

About This Blog

In this blog I express my personal opinion, which does not necessarily reflects the opinion of my organization, about events and news or interest, concerning information security, winking to mobile world and, why not, to some curious personal event.

Every information is reported with its source.

Anyone intending to use the information contained in my posts is free to do so, provided my blog is mentioned in your article.